mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
63e3c75374
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
63 lines
2.9 KiB
XML
63 lines
2.9 KiB
XML
<samba:parameter name="map to guest"
|
|
type="enum"
|
|
context="G"
|
|
enumlist="enum_map_to_guest"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This parameter can take four different values, which tell
|
|
<citerefentry><refentrytitle>smbd</refentrytitle>
|
|
<manvolnum>8</manvolnum></citerefentry> what to do with user
|
|
login requests that don't match a valid UNIX user in some way.</para>
|
|
|
|
<para>The four settings are :</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><constant>Never</constant> - Means user login
|
|
requests with an invalid password are rejected. This is the
|
|
default.</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para><constant>Bad User</constant> - Means user
|
|
logins with an invalid password are rejected, unless the username
|
|
does not exist, in which case it is treated as a guest login and
|
|
mapped into the <smbconfoption name="guest account"/>.</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para><constant>Bad Password</constant> - Means user logins
|
|
with an invalid password are treated as a guest login and mapped
|
|
into the <smbconfoption name="guest account"/>. Note that
|
|
this can cause problems as it means that any user incorrectly typing
|
|
their password will be silently logged on as "guest" - and
|
|
will not know the reason they cannot access files they think
|
|
they should - there will have been no message given to them
|
|
that they got their password wrong. Helpdesk services will
|
|
<emphasis>hate</emphasis> you if you set the <parameter moreinfo="none">map to
|
|
guest</parameter> parameter this way :-).</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><constant>Bad Uid</constant> - Is only applicable when Samba is configured
|
|
in some type of domain mode security (security = {domain|ads}) and means that
|
|
user logins which are successfully authenticated but which have no valid Unix
|
|
user account (and smbd is unable to create one) should be mapped to the defined
|
|
guest account. This was the default behavior of Samba 2.x releases. Note that
|
|
if a member server is running winbindd, this option should never be required
|
|
because the nss_winbind library will export the Windows domain users and groups
|
|
to the underlying OS via the Name Service Switch interface.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<para>Note that this parameter is needed to set up "Guest"
|
|
share services. This is because in these modes the name of the resource being
|
|
requested is <emphasis>not</emphasis> sent to the server until after
|
|
the server has successfully authenticated the client so the server
|
|
cannot make authentication decisions at the correct time (connection
|
|
to the share) for "Guest" shares. </para>
|
|
</description>
|
|
|
|
<value type="default">Never</value>
|
|
<value type="example">Bad User</value>
|
|
</samba:parameter>
|